---
title: "Open Source Intelligence (OSINT) — AP Cybersecurity Definition"
description: "Open source intelligence (OSINT) is freely available info attackers gather during reconnaissance. Learn how it fuels social engineering and shows up on the AP Cybersecurity exam."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 2"
---

# Open Source Intelligence (OSINT) — AP Cybersecurity Definition

## Definition

Open source intelligence (OSINT) is freely and publicly available information, such as social media profiles, company websites, and news articles, that adversaries gather during the reconnaissance phase of a cyberattack to learn about a target before striking.

## What It Is

Open source intelligence ([OSINT](/ap-cybersecurity/key-terms/osint "fv-autolink")) is information anyone can find without breaking into anything. Think social media profiles, public company directories, job postings, news articles, and website footers. None of it is stolen or hacked. It's just sitting out in the open.

In [AP Cybersecurity](/ap-cybersecurity "fv-autolink"), OSINT lives in the **[reconnaissance](/ap-cybersecurity/unit-1/ai-based-cybersecurity-attacks/study-guide/f3ZMXhsLGaHVUDgQUpge "fv-autolink") phase** of a cyberattack (EK 2.1.C.2). Before an adversary tries to break in, they scope out the target. They figure out who works there, what the network looks like, and which people might be easy to trick. OSINT is the quiet, legal first move that makes the loud, illegal moves later much easier.

## Why It Matters

OSINT shows up in **[Unit 2](/ap-cybersecurity/unit-2 "fv-autolink"): Securing Spaces**, under topic 2.1 Cyber Foundations. It directly supports learning objective AP Cybersecurity 2.1.C, which asks you to describe the phases of a cyberattack. OSINT is the engine of the very first phase, reconnaissance (EK 2.1.C.2). It also connects backward to AP Cybersecurity 2.1.A on [social engineering](/ap-cybersecurity/key-terms/social-engineering "fv-autolink"), because the personal details an attacker scrapes through OSINT are exactly what they use to build a believable pretext. If you understand OSINT, you understand why a cyberattack so often starts not with code, but with a Google search.

## Connections

### Social Engineering and Pretexting (Unit 2)

OSINT is the ammo; social engineering is the gun. An attacker scrapes your job title and coworkers' names off LinkedIn (OSINT), then uses those details to craft a believable pretext (EK 2.1.A.2) so a [phishing](/ap-cybersecurity/key-terms/phishing "fv-autolink") email feels legit.

### Phases of a Cyberattack (Unit 2)

OSINT belongs to reconnaissance, the first of six attack phases (EK 2.1.C.1). Everything after it, like [initial access](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh "fv-autolink") and lateral movement, gets easier when the attacker already knows the layout from public info.

### Likelihood in Risk Assessment (Unit 2)

The more an organization exposes publicly, the more OSINT an attacker can collect, which raises the [likelihood](/ap-cybersecurity/key-terms/likelihood "fv-autolink") that a vulnerability gets exploited (EK 2.1.D.4). Minimizing your public footprint is a real way to lower risk.

### Types of Adversaries (Unit 2)

Even low-skilled script kiddies (EK 2.1.B.1) can run OSINT, because it needs no special tools. That's exactly why it's so common: anyone can do it, and it's not illegal to look.

## On the AP Exam

Expect OSINT on multiple-choice questions that describe an attacker doing something passive and public, then ask you to name it. Watch for stems like "an attacker searches public databases, reviews company websites, and examines social media profiles to learn about the target." The correct answers are usually "reconnaissance" (the phase) or "open source intelligence" (the technique). The trap is picking a later attack phase, so anchor on the word "publicly available." If the info was free to find and the attacker hasn't broken in yet, it's OSINT during reconnaissance.

## open source intelligence vs reconnaissance

Reconnaissance is the phase (the WHEN). Open source intelligence is one method used during that phase (the HOW). All OSINT happens during reconnaissance, but reconnaissance can also include other information-gathering methods. If a question asks for a phase, answer reconnaissance; if it asks what kind of information the attacker collected, answer OSINT.

## Key Takeaways

- Open source intelligence (OSINT) is freely and publicly available information, never anything stolen or hacked.
- OSINT happens during the reconnaissance phase, the first phase of a cyberattack (EK 2.1.C.2).
- Attackers feed OSINT into social engineering, using your public details to build believable pretexts.
- Because OSINT requires no special tools, even low-skilled adversaries like script kiddies can use it.
- Limiting an organization's public footprint lowers the likelihood that a vulnerability gets exploited.

## FAQs

### What is open source intelligence in AP Cybersecurity?

It's freely and publicly available information, like social media, company websites, and news articles, that an adversary gathers during the reconnaissance phase to learn about a target before attacking (EK 2.1.C.2).

### Is collecting OSINT illegal?

No. By definition OSINT is public, so simply looking at it isn't hacking and isn't a crime. The illegal part comes later, when the attacker uses that information to break in or trick someone.

### How is OSINT different from reconnaissance?

Reconnaissance is the attack phase (the first one), and OSINT is a method used inside that phase. Think of reconnaissance as the chapter and OSINT as one of the techniques in it.

### What are examples of OSINT an attacker might use?

Employee LinkedIn profiles, company website directories, job postings that reveal what software a company runs, news articles, and public databases. All of it is free to find.

### Why does OSINT matter for social engineering?

The personal details an attacker scrapes through OSINT become the believable backstory for a pretext (EK 2.1.A.2). Knowing your manager's name and your project makes a fake email far more convincing.

## Related Study Guides

- [2.1 Cyber Foundations](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence#resource","name":"Open Source Intelligence (OSINT) — AP Cybersecurity Definition","url":"https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:32.467Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence#term","name":"open source intelligence","description":"Open source intelligence (OSINT) is freely and publicly available information, such as social media profiles, company websites, and news articles, that adversaries gather during the reconnaissance phase of a cyberattack to learn about a target before striking.","url":"https://fiveable.me/ap-cybersecurity/key-terms/open-source-intelligence","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.D"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.E"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.F"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.G"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is open source intelligence in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"It's freely and publicly available information, like social media, company websites, and news articles, that an adversary gathers during the reconnaissance phase to learn about a target before attacking (EK 2.1.C.2)."}},{"@type":"Question","name":"Is collecting OSINT illegal?","acceptedAnswer":{"@type":"Answer","text":"No. By definition OSINT is public, so simply looking at it isn't hacking and isn't a crime. The illegal part comes later, when the attacker uses that information to break in or trick someone."}},{"@type":"Question","name":"How is OSINT different from reconnaissance?","acceptedAnswer":{"@type":"Answer","text":"Reconnaissance is the attack phase (the first one), and OSINT is a method used inside that phase. Think of reconnaissance as the chapter and OSINT as one of the techniques in it."}},{"@type":"Question","name":"What are examples of OSINT an attacker might use?","acceptedAnswer":{"@type":"Answer","text":"Employee LinkedIn profiles, company website directories, job postings that reveal what software a company runs, news articles, and public databases. All of it is free to find."}},{"@type":"Question","name":"Why does OSINT matter for social engineering?","acceptedAnswer":{"@type":"Answer","text":"The personal details an attacker scrapes through OSINT become the believable backstory for a pretext (EK 2.1.A.2). Knowing your manager's name and your project makes a fake email far more convincing."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 2","item":"https://fiveable.me/ap-cybersecurity/unit-2"},{"@type":"ListItem","position":4,"name":"open source intelligence"}]}]}
```
